<fix>[vm]: handle uefi secure boot

set smm state on (requested by uefi secure boot)

when secureBoot is true use OVMF_CODE.secboot.fd
and copy OVMF_VARS.secboot.fd to nvram directory

Resolves: ZSTAC-47508

Change-Id: I6361626b766a787075746c7668786b646f736877
Signed-off-by: AlanJager <ye.zou@zstack.io>

Author: AlanJager

kvmagent/kvmagent/plugins/vm_plugin.py

@@ -3755,8 +3755,12 @@ def on_x86_64():
                 e(os, 'type', 'hvm', attrib={'machine': machine_type})
                 # if boot mode is UEFI
                 if cmd.bootMode == "UEFI" or cmd.bootMode == "UEFI_WITH_CSM":
-                    e(os, 'loader', '/usr/share/edk2/ovmf/OVMF_CODE.cc.fd', attrib={'readonly': 'yes', 'type': 'pflash'})
-                    e(os, 'nvram', '/var/lib/libvirt/qemu/nvram/%s.fd' % cmd.vmInstanceUuid, attrib={'template': '/usr/share/edk2/ovmf/OVMF_VARS.fd'})
+                    if cmd.secureBoot:
+                        e(os, 'loader', '/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd', attrib={'readonly': 'yes', 'secure': 'true', 'type': 'pflash'})
+                        e(os, 'nvram', '/var/lib/libvirt/qemu/nvram/%s.fd' % cmd.vmInstanceUuid, attrib={'template': '/usr/share/edk2/ovmf/OVMF_VARS.secboot.fd'})
+                    else:
+                        e(os, 'loader', '/usr/share/edk2/ovmf/OVMF_CODE.cc.fd', attrib={'readonly': 'yes', 'type': 'pflash'})
+                        e(os, 'nvram', '/var/lib/libvirt/qemu/nvram/%s.fd' % cmd.vmInstanceUuid, attrib={'template': '/usr/share/edk2/ovmf/OVMF_VARS.fd'})
                 elif cmd.addons['loaderRom'] is not None:
                     e(os, 'loader', cmd.addons['loaderRom'], {'type': 'rom'})
 
@@ -3833,8 +3837,8 @@ def make_acpi():
             if get_gic_version(cmd.cpuNum) == 2:
                 e(features, "gic", attrib={'version': '2'})
 
-
-
+            if cmd.secureBoot:
+                e(features, 'smm', None, {'state': 'on'})
 
         def make_qemu_commandline():
             if not os.path.exists(QMP_SOCKET_PATH):